package com.interview.controller;

import com.interview.security.RequiresPermission;
import org.springframework.web.bind.annotation.*;

import javax.servlet.http.HttpServletRequest;
import java.util.HashMap;
import java.util.Map;

/**
 * 演示Controller
 * 展示不同权限级别的接口调用
 * 
 * @author 赵志伟
 * @date 2025-10-30
 */
@RestController
@RequestMapping("/demo")
public class DemoController {

    /**
     * 模拟登录接口（不受拦截器限制）
     * 测试地址: POST /login
     */
    @PostMapping("/login")
    public Map<String, Object> login(@RequestParam String username, 
                                   @RequestParam String password,
                                   HttpServletRequest request) {
        Map<String, Object> result = new HashMap<>();
        
        // 简单的用户验证逻辑
        if ("admin".equals(username) && "123456".equals(password)) {
            request.getSession().setAttribute("LOGIN_USER_ID", "admin");
            result.put("code", 200);
            result.put("message", "登录成功");
            result.put("token", "admin_token");
        } else if ("user001".equals(username) && "123456".equals(password)) {
            request.getSession().setAttribute("LOGIN_USER_ID", "user001");
            result.put("code", 200);
            result.put("message", "登录成功");
            result.put("token", "user_token");
        } else {
            result.put("code", 400);
            result.put("message", "用户名或密码错误");
        }
        
        return result;
    }

    /**
     * 无权限要求的接口
     * 只要登录即可访问
     * 测试地址: GET /demo/info
     */
    @GetMapping("/info")
    public Map<String, Object> getInfo() {
        Map<String, Object> result = new HashMap<>();
        result.put("code", 200);
        result.put("message", "获取信息成功");
        result.put("data", "这是一个只需要登录就能访问的接口");
        return result;
    }

    /**
     * 需要用户查询权限的接口
     * 测试地址: GET /demo/users
     */
    @RequiresPermission("user:query")
    @GetMapping("/users")
    public Map<String, Object> getUsers() {
        Map<String, Object> result = new HashMap<>();
        result.put("code", 200);
        result.put("message", "查询用户成功");
        result.put("data", new String[]{"admin", "user001", "user002"});
        return result;
    }

    /**
     * 需要用户编辑权限的接口
     * 测试地址: PUT /demo/users/{id}
     */
    @RequiresPermission("user:edit")
    @PutMapping("/users/{id}")
    public Map<String, Object> updateUser(@PathVariable String id, 
                                        @RequestBody Map<String, Object> userData) {
        Map<String, Object> result = new HashMap<>();
        result.put("code", 200);
        result.put("message", "更新用户成功");
        result.put("data", "用户ID: " + id + " 已更新");
        return result;
    }

    /**
     * 需要用户删除权限的接口（只有admin有此权限）
     * 测试地址: DELETE /demo/users/{id}
     */
    @RequiresPermission("user:delete")
    @DeleteMapping("/users/{id}")
    public Map<String, Object> deleteUser(@PathVariable String id) {
        Map<String, Object> result = new HashMap<>();
        result.put("code", 200);
        result.put("message", "删除用户成功");
        result.put("data", "用户ID: " + id + " 已删除");
        return result;
    }

    /**
     * 需要系统配置权限的接口（只有admin有此权限）
     * 测试地址: GET /demo/system/config
     */
    @RequiresPermission("system:config")
    @GetMapping("/system/config")
    public Map<String, Object> getSystemConfig() {
        Map<String, Object> result = new HashMap<>();
        result.put("code", 200);
        result.put("message", "获取系统配置成功");
        Map<String, Object> configData = new HashMap<>();
        configData.put("maxUsers", 1000);
        configData.put("enableCache", true);
        configData.put("logLevel", "INFO");
        result.put("data", configData);
        return result;
    }

    /**
     * 类级别权限控制示例
     * 整个AdminController都需要admin权限
     */
    @RestController
    @RequestMapping("/demo/admin")
    @RequiresPermission("system:monitor")
    public static class AdminController {
        
        @GetMapping("/dashboard")
        public Map<String, Object> getDashboard() {
            Map<String, Object> result = new HashMap<>();
            result.put("code", 200);
            result.put("message", "获取管理面板数据成功");
            Map<String, Object> dashboardData = new HashMap<>();
            dashboardData.put("onlineUsers", 156);
            dashboardData.put("totalRequests", 98765);
            dashboardData.put("systemLoad", "12%");
            result.put("data", dashboardData);
            return result;
        }
        
        @GetMapping("/logs")
        public Map<String, Object> getLogs() {
            Map<String, Object> result = new HashMap<>();
            result.put("code", 200);
            result.put("message", "获取系统日志成功");
            result.put("data", new String[]{
                "2025-10-30 20:30:01 INFO 用户登录成功",
                "2025-10-30 20:30:05 WARN 请求频率过高",
                "2025-10-30 20:30:10 ERROR 数据库连接异常"
            });
            return result;
        }
    }
}
